Implant Container Image

Adversaries may implant cloud container images with malicious code to establish persistence. Amazon Web Service (AWS) Amazon Machine Images (AMI), Google Cloud Platform (GCP) Images, and Azure Images as well as popular container runtimes such as Docker can be implanted or backdoored. Depending on how the infrastructure is provisioned, this could provide persistent access if the infrastructure provisioning tool is instructed to always use the latest image.[1]

A tool has been developed to facilitate planting backdoors in cloud container images.[2] If an attacker has access to a compromised AWS instance, and permissions to list the available container images, they may implant a backdoor such as a Web Shell.[1] Adversaries may also implant Docker images that may be inadvertently used in cloud deployments, which has been reported in some instances of cryptomining botnets.[3]

ID: T1525
Sub-techniques:  No sub-techniques
Tactic: Persistence
Platforms: AWS, Azure, GCP
Permissions Required: User
Data Sources: Asset management, File monitoring
Contributors: Praetorian
Version: 1.0
Created: 04 September 2019
Last Modified: 25 March 2020


Mitigation Description

Periodically check the integrity of images and containers used in cloud deployments to ensure they have not been modified to include malicious software.

Code Signing

Several cloud service providers support content trust models that require container images be signed by trusted sources.[4][5]

Privileged Account Management

Limit permissions associated with creating and modifying platform images or containers based on the principle of least privilege.


Monitor interactions with images and containers by users to identify ones that are added or modified anomalously.